--- cpasswd.c.orig	Sat Dec 13 23:50:36 1997
+++ cpasswd.c	Sat Nov 30 21:44:13 2013
@@ -50,7 +50,8 @@ main(argc,argv)
 	int ciph=CFS_STD_DES;
 	int cfmt=1;
 	unsigned char ekey[128];
-	
+	int l;
+
 	while (--argc && (**++argv == '-')) {
 		for (flg= ++*argv; *flg; ++flg)
 			switch (*flg) {
@@ -68,13 +69,25 @@ main(argc,argv)
 			fprintf(stderr,"Can't stat current directory\n");
 			exit(1);
 		}
-		sprintf(dir,"%s/%s",buf,argv[0]);
-	} else
-		strcpy(dir,argv[0]);
-	sprintf(kname,"%s/..k",dir);
-	sprintf(nname,"%s/..n",dir);
-	sprintf(oname,"%s/..o",dir);
-	sprintf(lname,"%s/..data",dir);
+		l = snprintf(dir, sizeof(dir), "%s/%s", buf, argv[0]);
+		if (l < 0 || l >= sizeof(dir)) {
+			fprintf(stderr, "File name too long\n");
+			exit(1);
+		}
+	} else {
+		if (strlcpy(dir, argv[0], sizeof(dir)) >= sizeof(dir)) {
+			fprintf(stderr, "File name too long\n");
+			exit(1);
+		}
+	}
+	l = snprintf(lname, sizeof(lname), "%s/..data", dir);
+	if (l < 0 || l >= sizeof(lname)) {
+		fprintf(stderr, "File name too long\n");
+		exit(1);
+	}
+	(void)snprintf(kname, sizeof(kname), "%s/..k", dir);
+	(void)snprintf(nname, sizeof(nname), "%s/..n", dir);
+	(void)snprintf(oname, sizeof(oname), "%s/..o", dir);
 	if (chdir(lname) >= 0)
 		strcpy(dir,lname);
 	else if (chdir(dir)<0) {
@@ -82,8 +95,12 @@ main(argc,argv)
 		exit(1);
 	}
 
-	sprintf(cname,"%s/..c",dir);
-	sprintf(sname,"%s/..s",dir);
+	l = snprintf(cname, sizeof(cname), "%s/..c", dir);
+	if (l < 0 || l >= sizeof(cname)) {
+		fprintf(stderr, "File name too long\n");
+		exit(1);
+	}
+	(void)snprintf(sname, sizeof(sname), "%s/..s", dir);
 	if ((fp=fopen(cname,"r")) == NULL) {
 		fprintf(stderr,"Can only change passphrase on new format CFS directories\n");
 		exit(1);
@@ -113,7 +130,7 @@ main(argc,argv)
 		exit(1);
 	}
 	if (smsize != LARGESMSIZE)
-		sprintf(pw,"%s%d",pw,smsize);
+		(void)snprintf(pw, 256, "%s%d", pw, smsize);
 	if (new_pwcrunch(pw,&oldkey)!=0) {
 		fprintf(stderr,"Invalid key\n");
 		exit(1);
@@ -144,7 +161,7 @@ main(argc,argv)
 		exit(1);
 	}
 	if (smsize != LARGESMSIZE)
-		sprintf(pw,"%s%d",pw,smsize);
+		(void)snprintf(pw, 256, "%s%d", pw, smsize);
 	if (new_pwcrunch(pw,&newkey)!=0) {
 		fprintf(stderr,"Invalid key\n");
 		exit(1);
@@ -182,9 +199,12 @@ checkkey(path,ak)
 	char fn[1024];
 	char buf[9];
 	cfskey k;
+	int l;
 	
 	copykey(ak,&k);
-	sprintf(fn,"%s/...",path);
+	l = snprintf(fn, sizeof(fn), "%s/...", path);
+	if (l < 0 || l >= sizeof(fn))
+		return 0;
 	if ((fp=fopen(fn,"r"))==NULL)
 		return 0;
 	if (fread(buf,8,1,fp)!=1) {
